Run pg_upgrade and pg_resetxlog with restricted token on Windows

As with initdb these programs need to run with a restricted token, and
if they don't pg_upgrade will fail when run as a user with Adminstrator
privileges.

Backpatch to all live branches. On the development branch the code is
reorganized so that the restricted token code is now in a single
location. On the stable bramches a less invasive change is made by
simply copying the relevant code to pg_upgrade.c and pg_resetxlog.c.

Patches and bug report from Muhammad Asif Naeem, reviewed by Michael
Paquier, slightly edited by me.

1 files changed, 24 insertions, 0 deletions

diff --git a/src/include/common/restricted_token.h b/src/include/common/restricted_token.h
new file mode 100644
index 00000000000..e24374483c7
--- /dev/null
+++ b/src/include/common/restricted_token.h
@@ -0,0 +1,24 @@
+/*
+ *	restricted_token.h
+ *		helper routine to ensure restricted token on Windows
+ *
+ *  Portions Copyright (c) 1996-2015, PostgreSQL Global Development Group
+ *  Portions Copyright (c) 1994, Regents of the University of California
+ *
+ *	src/include/common/restricted_token.h
+ */
+#ifndef COMMON_RESTRICTED_TOKEN_H
+#define COMMON_RESTRICTED_TOKEN_H
+
+/*
+ * On Windows make sure that we are running with a restricted token,
+ * On other platforms do nothing.
+ */
+void	get_restricted_token(const char *progname);
+
+#ifdef WIN32
+/* Create a restricted token and execute the specified process with it. */
+HANDLE	CreateRestrictedProcess(char *cmd, PROCESS_INFORMATION *processInfo, const char	*progname);
+#endif
+
+#endif   /* COMMON_RESTRICTED_TOKEN_H */